“Anti-virus” software is basically a rootkit, because it has to intercept every file access, which requires a kernel module. It’s more than likely that Sophos will require that too. Unfortunately, you have to buy a license before you can even download it, so I can’t check.
Maybe you can talk to the person in charge and ask whether ClamAV will do as well, because there is already a module available for NixOS.
On a personal note, this seems very pointless to me. Why does your company allow you to run your own operating system in the first place? Also using an anti-virus on Linux is really unnecessary. The existence of Android has proven that the Unix user separation is a sufficiently powerful concept to prevent unauthorized access to private data (one app cannot read another app’s data). If Unix users weren’t secure enough we’d hear about stolen credit card info on smartphones every day.